Libmpk - Software Abstraction for Intel Memory Protection Keys

Offered By: USENIX via YouTube

Tags

USENIX Annual Technical Conference Courses, Scalability Courses, Security Vulnerabilities Courses, Memory Protection Courses

Course Description

Overview

Explore a conference talk from USENIX ATC '19 that delves into libmpk, a software abstraction for Intel Memory Protection Keys (MPK). Learn about the challenges faced by the current hardware implementation and software support of MPK, including security vulnerabilities, scalability limitations, and semantic incompatibilities. Discover how libmpk addresses these issues by virtualizing hardware protection keys, providing access to unlimited virtualized keys, and supporting legacy applications through lazy inter-thread key synchronization. Gain insights into the application of libmpk in real-world scenarios such as OpenSSL, a JavaScript JIT compiler, and Memcached for enhanced memory protection and isolation. Understand the performance characteristics of libmpk, which introduces minimal overhead compared to unprotected versions and significantly improves performance compared to secure equivalents using mprotect(). The talk covers key concepts including protection-key-use-after-free vulnerabilities, virtualization of protection keys, inter-thread key synchronization, metadata protection, and practical applications in security-critical memory regions.

Syllabus

Intro
SECURITY CRITICAL MEMORY REGIONS NEED PROTECTION
EXAMPLE 1 - HEARTBLEED ATTACK
EXAMPLE 1 - EXISTING SOLUTION TO PROTECT MEMORY: Process separation
PROBLEMS OF EXISTING SOLUTIONS
OUTLINE
UNDERLINE IMPLEMENTATION
EXAMPLE - JIT PAGE W⊕X PROTECTION
ASYNCHRONOUS PERMISSION CHANGE - PROS
LATENCY - KEY VIRTUALIZATION
RELATED WORK
CONCLUSION
DISCUSSION: Rogue data cache load (Meltdown)


Taught by

USENIX
